About this blog

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.

Search Deloitte Insights

Related Deloitte Insights

Financial crime presents not only the risk of losses but spiraling costs to address them. Among the factors driving up the costs and risks associated with financial crime are compliance with increasing regulation, ongoing crime detection efforts, internal investigations, and litigation, as well as external enforcement actions and associated fines and penalties. Learn about trends in managing the risks of financial crime, including the use of technology and data analytics.

With the attention regulators have been giving to AML regulatory lapses, coupled with record fines and penalties, CROs and CCOs should stay on top of AML developments, particularly adverse AML examinations and regulatory or criminal investigations. Understand questions that can help frame an AML compliance risk profile and steps to help improve compliance risk mitigation.

Deloitte’s fifth annual “Look Before You Leap” survey found many business executives extremely or very concerned over compliance and integrity-related risks in emerging markets, which they believe have grown over the last two years. Adequately verifying information provided by business partners and third parties is particularly challenging. Understand steps that can be taken to help manage the risks of emerging markets.

Deloitte Views & Analysis

Treasurers clearly have strong mandates to be strategic, with more than 70% of respondents to a recent survey citing mandates from their CFOs in areas including liquidity risk management, efficient capital-markets access and risk management, according to the “2015 Global Corporate Treasury Survey” from Deloitte & Touche LLP. But significant challenges persist for treasurers, such as cyberthreats and navigating emerging markets.

With aggregate U.S. private-sector defined benefit pension plan assets exceeding $3 trillion, more plan sponsors are choosing to shift the liability off their balance sheets by offering voluntary lump-sum payments to pension participants or transferring defined benefit risk to an insurer through an annuity buyout—actions some call “derisking pension plans.” Learn what to consider when contemplating pension plan derisking.

Effective transfer pricing programs may increase both tax efficiency and cash for repatriation or investment, while improper allocations have the potential to artificially inflate revenue and cash balances. The integration of strategic transfer pricing, tax and treasury can help organizations manage taxes and address treasury and cash management considerations. It may also result in a more efficient business model at the global level.

Global Financial Crime Sparks New Focus on Compliance

As financial crime—including money laundering, terrorist financing, corruption and economic sanctions—has become more globalized, so have enforcement efforts. For global financial services companies caught on either side of these proliferating forces, fresh risks loom.

“Increasingly, management has accountability for compliance and that has cultural implications, as new compliance needs drive changes in incentive structures, performance measurement, education and training,” said David Williams, CEO of Deloitte Financial Advisory Services LLP, speaking during a Deloitte webcast, Regulatory Compliance in the Face of Financial Crime, Money Laundering and Cyberthreats. “Organizations should be extensively engaged in considering ways to maintain an effective compliance program,” Mr. Williams added.

Financial services industry regulators have stressed a need for a culture of compliance along four main pillars:

The globalization of U.S. regulations essentially dates to October 2008, when the financial crisis was in full force. That month, the U.S. Federal Reserve released a document, Compliance Risk Management Programs in Oversight of Large Banking Organizations with Complex Compliance Profiles. This sets out the agency’s expectation that banking organizations establish on the holding company level a compliance policy that applies across different business lines, separate legal entities and various affiliates. In effect, this means that because different jurisdictions have different legal requirements, organizations are moving to harmonize group-wide policies or to establish some form of minimum expectation. This approach marks a departure from the approaches to compliance that organizations took previously, which unfolded broadly across different jurisdictions.

Strengthening Compliance

Regulatory liabilities can be significant, so global organizations—particularly those with some connection with the U.S. either in terms of operations or access to the U.S. capital markets—are looking for ways to protect themselves as enforcement becomes more aggressive. For instance, many global organizations are considering guidance issued in November 2012 by the U.S. Department of Justice in cooperation with the Securities and Exchange Commission. This guidance addressed the question of how financial institutions might protect themselves from the highest level of civil and criminal liability against an individual within their organization who might be involved in bribery.

“An example might be a contractor who knows his bonus depends on the fulfillment of certain contracts and so may be tempted to offer a bribe to a foreign official who is responsible for signing off on a license, customs duty or shipment,” noted James Freis, Jr., counsel at Cleary Gottlieb Steen & Hamilton LLP, who presented on the webcast. “How does an institution protect itself against that? The way to do it is to establish compliance policies that establish responsible officers who have training and access to all individuals who might be placed in such a situation. So you have monitoring, and you have whistleblower-type protection,” Mr. Freis added.

Regulators have stepped up recent efforts to make management more accountable for compliance—as well as compliance failures. For example:

Regulators have recently called for senior management to demonstrate a commitment to anti-money laundering and financial crime compliance.

Organizations are restructuring compliance to create more direct line accountability to management.

“There are heightened regulatory expectations about how organizations are handling compliance. Performance measurement must and can increase the likelihood of effectuating these shifts, and so can the organizational structure,” said Alison Clew, a principal at Deloitte Financial Advisory Services LLP, speaking during the webcast. Specific considerations include the following:

Compliance as a Component of Performance

Making clear the compliance responsibilities of senior management and executives in the different lines of business.

Incorporating compliance into the performance evaluation process for senior management and line of business executives.

What capabilities/resources need to be aligned with the business lines or geographies?

What is the role/opportunity for centers of excellence?

How is the compliance function empowered?

To whom should compliance report?

How do you resolve the business vs. compliance culture?

“Longstanding challenges are involved here, and the solution to compliance will likely be specific to every enterprise, drawing on the resources of compliance, risk management, legal and other departments,” Ms. Clew said.

In fine-tuning compliance to meet evolving regulations and emerging threats, it is vital to consider cybersecurity, according to Bill Ward, executive vice president and head of financial crime risk management at Union Bank, speaking during the webcast. Breaches of cybersecurity come in many forms, including those related to commercial payments, and customer, proprietary or strategic data. “Criminal elements are constantly probing the perimeters of financial institutions and the like, looking for holes. So a combined approach to cyberthreats is appropriate,” Mr. Ward noted.